http://wstiac.alionscience.com/quarterly 


WSTIAC  Quarterly 
Volume  9,  Number  4 

■  •  |  *1|0 

l|1  •  ID  «1f  1  011  I  0  4  0 

*  tito  (it  1 1  «o  •  1 

lot  1  (It  01  0  •  1 

Wot  0  (It  ot  »1  t  1 

•110  II  It  «1  II 

*)•  t  01  0  01  ot  '1  I  0 

i  *  D  «1 1  1  01  1  I  0  ||  0 

•fit  I)  1  ot  Ot  0  t  1 


reapon  Systems 'Technology 
flTormatiorTAnalysis  CdVi'ter  | 

f  t  1  to  to  <01  Ot 

■  f  0  *1  10  «ti 
i  t  o  H  0  to  I  tl  v 

1  I  1  10  011  II  1 

i  *o  to  tn  i(yf 

*  •  1  tl  II  '-'W-T* 

o  tA-i*0  ‘i’  “O  t; 


or  i  •  kfwfy*  ir^ot  i 

lit"  tate)(  d  tot  i 

0 1  I  *  tOMO(  H  ot  1 

IT —  1 1  1  H  111 

1*  *  •  I  1  t)  (It  0 
0  I  »  to  t  01  0 


WSTIAC  is  a  DoD  Information  Analysis  Center  Sponsored  by  the  Defense  Technical  Information  Center 


Form  Approved 
OMB  No.  0704-0188 


Report  Documentation  Page 


Public  reporting  burden  for  the  collection  of  information  is  estimated  to  average  1  hour  per  response,  including  the  time  for  reviewing  instructions,  searching  existing  data  sources,  gathering  and 
maintaining  the  data  needed,  and  completing  and  reviewing  the  collection  of  information.  Send  comments  regarding  this  burden  estimate  or  any  other  aspect  of  this  collection  of  information, 
including  suggestions  for  reducing  this  burden,  to  Washington  Headquarters  Services,  Directorate  for  Information  Operations  and  Reports,  1215  Jefferson  Davis  Highway,  Suite  1204,  Arlington 

VA  22202-4302.  Respondents  should  be  aware  that  notwithstanding  any  other  provision  of  law,  no  person  shall  be  subject  to  a  penalty  for  failing  to  comply  with  a  collection  of  information  if  it 
does  not  display  a  currently  valid  OMB  control  number. 

1.  REPORT  DATE 

01  APR  2010 

2.  REPORT  TYPE 

N/A 

3.  DATES  COVERED 

4.  TITLE  AND  SUBTITLE 

5a.  CONTRACT  NUMBER 

WSTIAC  Quarterly,  Vol.  9,  No.  4  -  Cyber  Warfare:  Understanding  the 

5b.  GRANT  NUMBER 

i  iii  cut  iu  capuii  cjpicius 

5c.  PROGRAM  ELEMENT  NUMBER 

6.  AUTHOR(S) 

5d.  PROJECT  NUMBER 

5e.  TASK  NUMBER 

5f.  WORK  UNIT  NUMBER 

7.  PERFORMING  ORGANIZATION  NAME(S)  AND  ADDRESS(ES) 

WSTIAC  Weapon  Systems  Technology  Information  Analysis  Center, 
Rome,  NY 

8.  PERFORMING  ORGANIZATION 

REPORT  NUMBER 

W  STIAC- V  9-N4 

9.  SPONSORING/MONITORING  AGENCY  NAME(S)  AND  ADDRESS (ES) 

10.  SPONSOR/MONITOR’S  ACRONYM(S) 

Defense  Technical  Information  Center,  Ft  Belvoir,  VA 

11.  SPONSOR/MONITOR’S  REPORT 
NUMBER(S) 

12.  DISTRIBUTION/AVAILABILITY  STATEMENT 

Approved  for  public  release,  distribution  unlimited 

13.  SUPPLEMENTARY  NOTES 

The  original  document  contains  color  images. 

14.  ABSTRACT 

This  issue  of  the  WSTIAC  Quarterly  features  an  article  on  Cyber  Warfare:  TheThreat  to  Weapon  Systems 
and  Cyber  This,  Cyber  That...  So  What?  Included  submission  are  the  WSTIAC  Directors  Corner  and 
Training  Courses  sponsored  by  WSTIAC. 

15.  SUBJECT  TERMS 

16.  SECURITY  CLASSIFICATION  OF: 

17.  LIMITATION  OF 
ABSTRACT 

uu 

18.  NUMBER 
OF  PAGES 

16 

19a.  NAME  OF 
RESPONSIBLE  PERSON 

a.  REPORT 

unclassified 

b.  ABSTRACT 

unclassified 

c.  THIS  PAGE 

unclassified 

Standard  Form  298  (Rev.  8-98) 

Prescribed  by  ANSI  Std  Z39-18 


http://wstiac.alionscience.com/quarterly 


The  tactics,  weapons,  and  defense  materiel  and  sys¬ 
tems  involved  in  warfare  have  been  evolving  for  cen¬ 
turies  and  even  millennia.  While  the  battlefield  and 
methods  of  engagement  of  opposing  forces 
have  also  been  evolving,  the  new  tactics 
being  implemented  in  cyberspace  are  revo¬ 
lutionizing  warfare.  Cyber  warfare  is  essen¬ 
tially  the  use  of  networks  and  control  sys¬ 
tems  to  carry  out  organized  disruptive, 
disabling,  destructive  or  malicious  attacks. 
Methods  and  targets  of  cyber- attack  range 
from  hiding  malicious  software  in  new 
computer  products  to  gaining  access  to 
secure  networks  and  disrupting  functions  of 
critical  infrastructure  such  as  power,  trans¬ 
portation,  and  communication.  Cyber  warfare  can 
also  entail  disrupting  a  military  force  by  disabling 
communication  and  control  among  its  various 
weapon  systems. 

Weapon  systems  are  increasingly  vulnerable  to 
cyber  warfare  as  they  become  more  automated  and 
networked.  Current  and  future  weapon  systems  are 
being  infused  with  technological  advancements,  many 
of  which  are  electronic,  including  sensors,  communi¬ 
cation  systems,  and  control  systems.  For  instance, 
various  battlefield  systems  are  being  networked  to  pro¬ 
vide  augmented  command  and  control  ability.  This 
establishes  a  battlefield  advantage,  and  even  though 
the  systems  are  embedded  with  highly  advanced  secu¬ 
rity,  any  time  there  is  opportunity  for  interconnection 
there  is  potential  vulnerability  to  foreign  access.  More¬ 
over,  computer  processors,  memory,  and  other  hard¬ 
ware  are  ubiquitous.  While  scans  can  be  run  on  soft¬ 
ware  and  hardware,  there  is  a  potential  for  infiltration 
during  development  or  manufacturing.  Infiltration 
can  thus  enable  a  cyber  attack  on  weapon  systems. 

One  of  the  challenges  associated  with  cyber  warfare 
is  that  it  is  difficult  to  define  since  it  is  a  relatively  new 


and  rapidly  evolving  form  of  warfare.  As  such,  the  pol¬ 
icy  and  doctrine  surrounding  it  are  still  being  devel¬ 
oped.  Yet  it  is  becoming  increasingly  important  to  take 
into  consideration  the  impact  of  cyber  warfare  when 
designing  the  next  generation  of  weapon  systems. 
While  presumably  engagements  will  continue  to  occur 
on  the  physical  battlefield  throughout  the  century,  this 
additional  dimension  of  warfare  will  continue  to 
expand  its  role  in  coming  decades. 

This  issue  of  the  WSTIAC  Quarterly  is  especially 
focused  on  cyber  warfare  as  it  relates  to  weapon  sys¬ 
tems.  In  particular,  the  first  article  frames  the  threats 
of  cyber  warfare  to  weapon  systems  against  a  back¬ 
ground  of  cyber-related  definitions  and  military  doc¬ 
trine.  In  addition,  the  article  provides  a  brief  overview 
of  some  potential  cyber  warfare  targets.  The  author 
encourages  the  development  of  more  decisive  cyber 
warfare  doctrine  that  can  lead  to  more  robust  weapon 
systems. 

The  second  article  presents  cyber  warfare  as  it  per¬ 
meates  all  aspects  of  war  fighting  environments  includ¬ 
ing  land,  air,  sea,  space,  and  cyberspace.  It  further 
addresses  the  concept  that  cyber  operations  are  addi¬ 
tional  methods  through  which  mission  objectives  can 
be  accomplished.  This  is  an  important  viewpoint  as  it 
hopefully  imparts  a  perspective  on  how  those  involved 
with  weapon  systems  technology  can  influence  cyber 
operations. 

The  two  articles  address  the  topic  of  cyber  warfare 
from  slightly  different  perspectives.  One  addresses  the 
perspective  of  defending  against  cyber  attacks,  while 
the  other  discusses  using  cyberspace  to  conduct  mili¬ 
tary  operations.  The  intent  of  these  articles  is  to  stim¬ 
ulate  some  thought  and  discussion  about  where  the 
crossroads  meet  between  weapon  systems  technology 
and  cyber  warfare.  I  hope  this  issue  proves  to  be  useful 
in  your  continued  efforts  to  support  our  warfighters. 

John  Weed,  WSTIAC  Director 
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cyber  Warfare: 

The  Threat  to  Weapon  Systems 


Lionel  D.  Alford 
Lieutenant  Colonel  USAF  (retired) 


INTRODUCTION 

Carl  von  Clausewitz  defined  war  as  “...an  act  of  violence  intended 
to  compel  our  opponent  to  fulfill  our  will...  In  order  to  attain  this 
object  fully,  the  enemy  must  be  disarmed,  and  disarmament 
becomes  therefore  the  immediate  object  of  hostilities...”  [1]  This  def¬ 
inition  no  longer  describes  the  full  spectrum  of  modern  warfare. 
With  today’s  software-intensive  systems,  the 
capability  to  attack  a  nation  without  the  use  of 
violence  already  exists,  which  fulfills  the  second 
half  of  von  Clauswitz’s  definition  of  war  to  “dis¬ 
arm  the  enemy.”  The  concept  and  use  of  cyber 
warfare  has  grown  exponentially  in  recent  years. 

Although  cyber  warfare  is  typically  associated 
with  information  systems,  this  article  describes 
how  cyber  warfare  could  potentially  affect 
weapon  systems. 

Warfare  Without  Violence 
The  term  cyber  can  be  used  to  describe  systems 
that  employ  mechanical  or  electronic  systems  to 
replace  human  control.  In  this  article  the  term 
includes  systems  that  incorporate  software  as  a  control  element. 
Cyber  warfare  can  be  waged  without  executing  a  physical  attack, 
and  therefore  the  dependence  on  software  intensive  systems  (cyber 
systems)  can  make  nations  vulnerable  to  warfare  without  violence. 

Traditionally,  the  attacks  carried  out  during  war  were  focused 
on  the  physical  components  in  a  system  (e.g.,  military  personnel, 
weapons,  facilities,  and  vehicles).  The  goal  of  war  generally  has 
been  to  disable  and  destroy  these  objects.  Attacking  these  objects 
was  viewed  as  the  primary  method  of  “disarming  the  enemy.” 
From  a  strategic  standpoint,  these  objects  are  targeted  because 
they  are  part  of  a  larger  system: 

•  A  system  of  manufacturing  (attacked  by  strategic  bombing) 

•  A  supply  system  (attacked  by  interdiction  bombing) 

•  A  command  and  control  system  (attacked  through  blitzkrieg 
tactics) 

In  every  case,  the  destruction  of  the  components  is  intended  to 


affect  the  whole,  and  if  the  attack  does  not  disrupt  the  process,  it  at 
least  reduces  the  number  of  combatants  in  the  system.  Though  force 
is  directed  against  the  units  in  the  process,  the  ultimate  objective  is 
to  attack  the  process  itself.  These  processes  are  potential  “centers  of 
gravity”  of  the  enemy  nation  and  forces.  [1]  By  attacking  the  center 
of  gravity,  the  enemy’s  capability  to  wage  war  can  be  “disarmed.”  If  it 
were  possible  to  attack  a  center  of  gravity  without 
the  use  of  force,  a  nation  could  be  defeated  with¬ 
out  violence,  and  that  capability  would  revolu¬ 
tionize  warfare.  For  example,  if  an  attack  disrupt¬ 
ed  manufacturing  without  harming  the  machines 
or  personnel,  the  effect  would  be  the  same  as 
destroying  all  of  the  components  in  the  system.  It 
might  be  more  effective  because  components  and 
personnel  can  be  replaced;  the  disruption  of  the 
system  could  result  in  longer  lasting  damage.  If 
an  attack  disabled  military  systems,  and  if  the 
nation  could  not  detect  and  counter  this  kind  of 
threat,  it  would  be  unable  to  defend  itself.  This 
kind  of  attack  against  systems  and  processes 
instead  of  components,  if  successful,  would  bring 
a  nation  to  its  knees  without  violence  or  a  declared  war. 

Evolution  of  Information  and  Networked  Systems 
During  the  early  stages  of  the  World  Wide  Web  cyber  warfare 
was  defined  as  the  conduct  of  military  operations  according  to 
information-related  principles.  [7]  In  other  words,  the  term  was 
being  used  to  describe  the  disruption  of  military  communication 
and  coordination,  or  conversely,  using  information  and  communi¬ 
cation  systems  advantageously.  However,  this  definition  no  longer 
covers  the  full  extent  of  capabilities  now  possible  in  cyber  warfare. 
With  the  ever-increasing  availability  of  inexpensive  computer 
processors,  memory,  and  other  computer  hardware,  software  is 
being  used  to  control  systems  of  all  types,  purposes,  and  sizes.  Fur¬ 
thermore,  as  computer  networks  continue  to  expand  throughout  the 
world,  all  types  of  systems,  such  as  infrastructure  that  supports 
civilization  (e.g.,  electrical,  oil,  gas,  transportation,  and  water  treat- 


"Our  foes  have  extended  the 
fields  of  battle  -  from  physi¬ 
cal  space  to  cyberspace." 

—  President  Clinton, 

22  May,  1998 

Cyberspace  is  the  nervous 
system  -  the  control  system 
of  our  country. 

—  President  George  W.  Bush 

George  W.  Bush,  National  Strategy 
to  Secure  Cyberspace,  (The  White 
House,  February  2003) 


DoD  Cyber  Warfare  Doctrine 

In  spite  of  the  fact  that  the  DoD  has  been  expanding  cyber  warfare  doctrine  and  capabilities,  as  of  November  2009  these  actions  are  notably 
deficient.[2,  3]  Joint  Pub  3-1 3$,  Joint  Doctrine  for  Information  Operations,  was  updated  in  2006,  and  Joint  Pub  3-13.1,  Joint  Doctrine  for  Electron¬ 
ic  Warfare  was  updated  in  2007.[4,  5]  DOD  Directive  0-3600.01,  instituted  in  August  2006  still  addresses  cyber  warfare  in  terms  of  "Informa¬ 
tion  Operations."[6]  As  described  in  this  article  this  is  an  inadequate  approach  to  cyber  warfare.  In  addition,  instructions  such  as  DOD  5000.2- 
R,  Mandatory  Procedures  for  Major  Defense  Acquisition  Programs  (MDAPs)  and  Major  Automated  Information  System  (MAIS)  Acquisition 
Programs  handle  information  warfare  as  a  discrete  part  of  a  military  system.  It  does  not  address  software  as  the  major  element  of  a  weapon  sys¬ 
tem;  yet  many  software  and  software-controlled  systems  cannot  be  separated  from  the  system  being  developed. 
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Aircraft 

Year 

Software  Percentage 
of  Functions 

F-4 

1960 

8 

A -7 

1964 

10 

F-lll 

1970 

20 

F-15 

1975 

35 

F-16 

1982 

45 

B-2 

1990 

65 

F-22 

2000 

80 

Table  1.  Weapon  system  software 

dependencies.[8]  .  . 

ment  systems),  are  being 

integrated  or  accessible 
via  the  global  network. 

Vulnerability  of 
Weapons  Platforms 
to  Cyber  Warfare 
Weapon  systems  are  also 
increasingly  dependent 
on  software,  computer  hardware,  and  battlefield  networking,  and 
therefore  can  be  targeted  through  cyber  systems.  While  the  security 
of  these  weapon  systems  advance  in  step  with  the  development  and 
implementation  of  cyber  technology,  they  can  be  increasingly  affect¬ 
ed  by  cyber  attacks.  Aircraft  are  a  good  example  of  the  transition  of 
cyber  warfare  to  weapon  systems. 

In  the  past,  1 00  percent  of  an  aircraft’s  performance  and  capabil¬ 
ities  were  defined  by  hardware  (i.e.,  the  physical  makeup  of  the  air¬ 
craft).  In  more  recent,  advanced  aircraft,  75  percent  or  more  of  the 
aircraft’s  performance  and  capability  is  dependent  on  the  software 
(see  Table  1) .  [8]  Without  software,  aircraft  would 
not  be  controllable  or  reach  the  desired  perform¬ 
ance  capabilities.  For  instance,  the  F-16  is  unstable 
below  Mach  one,  and  uncontrollable  without  its 
software-based  flight  control  system.  The  Boeing 
777  and  the  Airbus  330  have  software  flight  control 
systems  without  any  manual  backup;  the  perform¬ 
ance  of  these  aircraft  is  dependent  on  their  digital 
flight  control  systems. 

In  some  cases,  through  software,  aircraft  perform¬ 
ance  is  gaining  limited  independence  from  physical 
configuration  and  therefore  software  dependence  and 
hardware  independence  are  growing.  The  F-22  in 
high  angle  of  attack  flight,  for  example,  uses  software 
controlled  vectored  thrust  and  flight  controls  to 
maneuver  the  aircraft.  Furthermore,  modern  aircraft 
are  fly-by-wire,  their  engines  are  control-by-wire, 
their  weapons  are  fire-  and  drop-by-wire.  Systems 
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that  in  the  past  were  entirely  hardware  with  mechanical  control  are 
being  replaced  by  software  with  software  control. 

Software  also  can  determine  the  strength  or  effectiveness  of  a 
modern  weapon  system,  and  provides  a  basis  for  the  integration  of 
many  disparate  items  through  networking.  These  networked  soft¬ 
ware  systems,  however,  are  now  vulnerable  to  cyber  attack,  and  the 
attacks  and  vulnerabilities  are  increasing  (Figure  1). 

Current  doctrine  (see  sidebar)  still  does  not  address  software  as 
the  major  element  of  a  military  fighting  system;  yet  as  the  above 
discussion  shows,  many  software  and  software-controlled  systems 
cannot  be  separated  from  the  system  being  developed.  The  F-22 
weapon  system  is  an  example  of  a  software-controlled  aircraft  sys¬ 
tem  that  contains  and  communicates  with  integrated  information 
systems  (Figure  2).  The  F-22  is  not  a  closed  system;  external  infor¬ 
mation  systems  update  and  integrate  F-22  combat  operations  dur¬ 
ing  flight.  Through  these  external  connections,  not  just  the  infor¬ 
mation  systems  but  the  basic  software  and  hardware  systems  of  the 
F-22  can  be  attacked.  Current  information  warfare  doctrine  in  the 


1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008 

Figure  1.  Number  of  vulnerabilities  cataloged  by  CERT.[10] 


CYBER  WARFARE  DEFINITIONS 

The  DoD  Dictionary  of  Military  and  Associated  Terms  defines  cyber¬ 
space  and  cyberspace  operations  as  follows: [9] 

Cyberspace  -  A  global  domain  within  the  information  environment 
consisting  of  the  interdependent  network  of  information  technology 
infrastructures,  including  the  Internet,  telecommunications  networks, 
computer  systems,  and  embedded  processors  and  controllers. 

Cyberspace  operations  -  The  employment  of  cyber  capabilities 
where  the  primary  purpose  is  to  achieve  objectives  in  or  through  cyber¬ 
space.  Such  operations  include  computer  network  operations  and 
activities  to  operate  and  defend  the  Global  Information  Grid. 

A  NEW  TAXONONY  OF  CYBER  TERMS 

Cyber  warfare  (CyW)  -  Any  act  intended  to  compel  an  opponent  to 
fulfill  our  national  will,  executed  against  the  software  controlling 
processes  within  an  opponent's  system.  CyW  includes  the  following 
modes  of  cyber  attack:  cyber  infiltration,  cyber  manipulation,  cyber 
assault,  and  cyber  raid. 

Cyber  infiltration  (Cyl)  -  Penetration  of  the  defenses  of  a  software 


controlled  system  such  that  the  system  can  be  manipulated,  assaulted, 
or  raided. 

Cyber  manipulation  (CyM)  -  Following  infiltration,  the  control  of  a 
system  via  its  software  which  leaves  the  system  intact,  then  uses  the 
capabilities  of  the  system  to  do  damage.  For  example,  using  system's 
software  to  turn  off  power. 

Cyber  assault  (CyA)  -  Following  infiltration,  the  destruction  of  soft¬ 
ware  and  data  in  the  system,  or  attack  on  a  system  that  damages 
the  system  capabilities.  Includes  viruses,  overload  of  systems  through 
excessive  data  transfer. 

Cyber  raid  (CyR)  —  Following  infiltration,  the  manipulation  or  acquisi¬ 
tion  of  data  within  the  system,  which  leaves  the  system  intact,  results  in 
transfer,  destruction,  or  alteration  of  data. 

Cyber  attack  -  see  Cyl,  CyM,  CyA,  or  CyR. 

Cyber  crime  (CyC)  -  cyber  attacks  without  the  intent  to  affect  nation¬ 
al  security  or  to  further  operations  against  national  security. 

The  concepts  of  cyber  warfare  also  apply  to  cyber  crime.  Cyber 
crime  is  a  critical  consideration.  To  prevent  international  catastrophes,  a 
nation  must  be  able  to  differentiate  between  cyber  crime  and  cyber 
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Figure  2.  Aircraft  are  more  technologically  sophisticated  than  ever, 
but  as  such  are  potentially  more  susceptible  to  cyber  attack.  (Photo 
courtesy  of  US  Air  Force.) 


Joint  Pubs  is  mainly  concerned  with  security  of  external  Com¬ 
mand,  Control,  Communications,  Computers,  and  Intelligence 
(C4I)  systems  integrated  on  the  F-22,  but  software-intensive 
sysl terns  make  internal  systems  of  the  F-22  vulnerable  to  cyber 
warfare  attack.  Our  doctrine  must  account  for  these  vulnerabilities 
and  provide  methods  of  offense  and  defense.  Although  unclassified 
DoD  publications  and  regulations  do  not  adequately  address  cyber 
warfare,  there  is  hope.  The  National  Military  Strategy  for  Cyber¬ 
space  Operations  from  2006,  does  correctly  define  and  specify 
policy  for  cyber  warfare.  [1 1]  Unfortunately,  these  policies  have  not 
permeated  DoD  doctrine. 

CYBER  WARFARE  TARGETS 

In  general,  cyber  warfare  targets  include  networks,  digital  systems, 
infrastructure,  and  any  other  element  that  acts  as  a  information, 
communication,  or  control  system.  [12]  Therefore,  specifically  for 
the  DoD,  any  military  system  controlled  by  software  is  susceptible 
to  cyber  attack. 


The  first  step  in  any  attack  is  cyber  infiltration;  all  systems  that 
incorporate  software  are  vulnerable  to  cyber  infiltration.  Actions  fol¬ 
lowing  cyber  infiltration  can  affect  organizations  via  the  transfer, 
destruction,  and  altering  of  records  (i.e.,  cyber  raid).  Software  with¬ 
in  systems  can  be  manipulated  and  the  systems  controlled  by  that 
software  can  be  damaged  or  controlled  (i.e.,  cyber  manipulation). 
The  software  itself  can  be  copied,  damaged,  or  rewritten  (i.e.,  cyber 
assault) . 

Military  systems,  including  databases,  will  constantly  be  the  tar¬ 
gets  of  cyber  warfare.  The  likelihood  of  a  cyber  attack  on  a  weapon 
system  is  high  during  wartime,  but  relatively  low  during  peacetime. 

MILITARY  TARGETS 

Military  Command,  Control,  Communications,  Computers, 
and  Intelligence 

Modern  military  systems  are  dependent  on  Command,  Control, 
Communications,  Computers,  and  Intelligence.  Military  forces  can¬ 
not  fight  without  the  coordination  and  communications  provided 
through  these  systems.  Military  C4I  systems  are  particularly  vulnera¬ 
ble,  and  are  the  primary  focus  of  DoD  cyber-related  doctrine.  JP  3- 
13  and  JP  3-13.1  both  provide  doctrine  for  information  related  war¬ 
fare.  C4I  systems  are  a  very  complex  mix  -  from  radios  to  radars, 
mainframes  to  personal  computers.  Military  C4I  uses  interfaces 
through  the  Internet,  base  and  organizational  Local  Area  Networks 
(LAN),  civilian  and  military  communication  systems,  navigation  sys¬ 
tems,  and  radios  in  various  frequency  ranges.  Military  C4I  systems 
are  particularly  vulnerable  because  they  interconnect.  Cyber  infiltra¬ 
tion  can  occur  at  many  points  and  potentially  affect  myriad  systems. 
For  instance,  cyber  warfare  can  affect  the  control  of  radars,  missiles, 
and  communications.  It  can  potentially  disable  missiles,  or  redirect 
them  to  launch  site.  Furthermore  it  can  disable  or  disrupt  command 
and  control  networks,  global  positioning  systems  (GPS),  and  mobile 
communication  systems. 

These  systems  and  their  interactions  are  so  complex  that  any 
modern  military  organization  is  unlikely  to  trace  the  full  potential  of 
any  single  cyber  infiltration.  The  possibility  exists  for  cyber  attacks  of 


warfare.  The  definition  of  cyber  crime  is  similar  to  cyber  warfare,  how¬ 
ever  it  has  two  key  differences.  First,  cyber  crime  is  not  waged  between 
officially  recognized  political  entities;  cyber  warfare  is  waged  between 
entities  that  are  governed  by  the  laws  of  war.  Second,  the  purpose  of 
cyber  crime  is  not  to  compel  our  opponent  to  fulfill  our  national  will, 
while,  this  is  the  purpose  of  cyber  warfare.  Cyber  crime  can  have  as 
grave  of  ramifications  as  cyber  war,  but  a  key  dimension  of  national  pol¬ 
icy  is  to  differentiate  between  the  two  to  prevent  retaliations  against 
nations  when  criminals  are  at  work.  A  crucial  aspect  of  cyber  opera¬ 
tions  is  that  cyber  warfare  and  crime  are  difficult  to  differentiate,  and  the 
warriors  are  not  as  obvious  as  in  a  shooting  war.  A  nation  will  not  have 
the  political  latitude  to  make  many  mistakes. 

Intentional  cyber  warfare  attack  (IA)  -  any  attack  through  cyber¬ 
means  to  intentionally  affect  national  security  (cyber  warfare)  or  to 
further  operations  against  national  security.  Includes  cyber  attacks  by 
unintentional  actors  prompted  by  intentional  actors.  (Also  see  uninten¬ 
tional  cyber  warfare  attack  (UA).) 

IA  is  equitable  with  warfare;  it  is  national  policy  at  the  level  of 
warfare.  UA  is  basically  crime.  UA  may  be  committed  by  a  bungling 
hacker  or  a  professional  cyber  criminal,  but  the  intent  is  self-serving  and 


not  to  further  any  specific  national  objective.  This  does  not  mean  unin¬ 
tentional  attacks  cannot  affect  policy  or  have  as  devastating  effects  as 
an  intentional  attack. 

Intentional  cyber  actors  (l-actors)  -  individuals  intentionally  prosecut¬ 
ing  cyber  warfare  (cyber  operators,  cyber  troops,  cyber  warriors, 
cyber  forces). 

Unintentional  cyber  actors  (U-actors)  -  individuals  who  make  cyber 
attacks  that  may  affect  national  security  but  are  largely  unaware  of  the 
international  ramifications  of  their  actions.  Unintentional  actors  may  be 
influenced  by  l-actors  but  are  unaware  they  are  being  manipulated  to 
participate  in  cyber  operations.  U-actors  include  anyone  who  commits 
Cyl,  CyM,  CyA,  and  CyR  without  the  intent  to  affect  national  security  or 
to  further  operations  against  national  security.  This  group  also  includes 
individuals  involved  in  CyC,  journalists,  and  industrial  spies.  The  threat  of 
journalists  and  industrial  spies  against  systems  including  UA  caused  by 
their  Cyl  efforts  should  be  considered  high. 

Unintentional  cyber  warfare  attack  (UA)  -  any  attack  through  cyber¬ 
means,  without  the  intent  to  affect  national  security  (cyber  crime). 
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every  type  and  the  results  can  be  catastrophic.  For  instance,  nuclear 
weapon  control  systems  are  incorporated  into  military  C4I.  As 
demonstrated  by  incursions  in  DoD  networks,  databases,  and 
websites,  almost  any  dedicated  foe  can  engage  in  cyber  attacks  against 


"Cyberspace  is  about  operations, 
not  communication.  It  is  about 
operations,  not  a  network.  It  is 
about  how  we  do  things  to  fight 
and  win. ..We  are  a  team  of  Air¬ 
men,  civilians  and  contractors  who 
enable  joint  forces  to  strike  with 
precision,  navigate  with  accuracy, 
communicate  with  certainty,  see 
the  battlefield  with  clarity  and 
network  with  assurance." 

—  Air  Force  General 

C.  Robert  Kehler 

12  January,  2010 


ty  standards.  Any  integration  or  communication  between  forces 
could  potentially  open  up  additional  security  vulnerabilities.  [15] 

Weapon  Systems 

Current  DoD  doctrine  does  not  adequately  cover  cyber  attacks  on 
military  hardware  systems,  such  as  aircraft,  vehicles,  etc.,  that  require 
software  to  operate.  [16- 18]  As  noted  previously,  the  F-22  is  a  cyber- 
controlled  aircraft  (Figure  2).  Infiltration  and  degradation  of  the  air¬ 
craft’s  systems  directly  or  via  its  C4I  connections  can  be  as  devastat¬ 
ing  as  shooting  it  out  of  the  sky.  Cyber  infiltration  of  the  C4I  system 
providing  data  to  modern  aircraft  allows  an  avenue  for  cyber  raid, 
manipulation,  and  assault.  Because  many  systems  like  the  civilian 
Global  Air  Traffic  Management  (GATM)  and  the  military’s  Tactical 
Targeting  Networking  Technology  (TTNT)  and  the  F-22  Intra- 
Flight  Data  Link  (IFDL)  automatically  update  aircraft  information 
and  intelligence,  they  can  allow  undetected  infiltration  of  the  air¬ 
craft.^]  Intelligence,  navigation,  and  communication  systems  are 
integrated  to  each  other  and  input  and  output  to  a  host  of  other  air¬ 
craft  systems,  including  the  flight  control  system  (through  the 
autopilot),  propulsion  system  (through  the  auto  throttles),  radar  sys¬ 
tem,  master  warning  system,  and  environmental  control  system. 
Using  the  correct  control  sequences,  inputs,  or  reprogramming,  an 
infiltrator  could  produce  any  level  of  systems  damage,  from  driving 
the  aircraft  off-course  to  overwriting  the  flight  control  software. 
UAVs  are  controlled  from  thousands  of  miles  distance,  and  therefore 
the  controls  could  be  potentially  hijacked.  Many  other  weapon  sys¬ 
tems  utilize  similiar  equipment  and  controls,  and  therefore  are  just  as 
susceptible. 


New  Doctrine 

What  the  above  shows  is  that  the  DoD  and  the  United  States  require 
a  strong  doctrine  to  address  cyber  warfare  in  all  its  potential  forms 
including  attacks  on  weapon  systems.  Taxonomy  and  cataloged  secu¬ 
rity  threats  go  a  long  way  to  build  a  framework  for  this  doctrine. 
That  is  the  first  step  in  the  development  of  a  doctrine  that  includes 
all  the  dimensions  of  current  and  future  cyber  warfare  threats.  The 
challenge  is  to  put  the  required  effort  and  funding  forward  to  ensure 
a  strong  level  of  security  for  all  software-controlled  systems. 
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military  computer  sys¬ 
tems.  [13,  14]  Since 
military  computers  are 
the  core  of  national 
C4I,  successful  IA  and 
UA  against  such  targets 
pose  a  national  security 
peril. 

The  US  is  currently 
executing  campaigns 
with  coalition  forces, 
which  may  use  equip¬ 
ment  and  systems  that 
are  not  as  technically 
advanced  and  do  not 
utilize  the  latest  securi- 
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Cyber  This/  Cyber  That . . .  So  What? 


Major  Eric  D.  Trias 
Captain  Bryan  M.  Bell 
US  Air  Force 


Revolutions  in  warfare  rarely  take  place  in  one’s  lifetime.  Rather,  an 
evolution  based  on  the  innovative  use  of  available  technology  and 
human  ingenuity  steadily  occurs.*  Is  the  ubiquity  of  cyberspace  oper¬ 
ations  and  technology  such  a  revolution?  Perhaps.  However,  any  rev¬ 
olution  should  not  compel  us  to  leave  behind  lessons  learned  from 
the  age  before  cyberspace.  Assiduous  students  of  warfare  will  still  find 
that  books  on  military  history,  theories  of  war,  doctrines,  and  publi¬ 
cations  on  past  conflicts  are  invaluable.  Cyberspace  does  not  change 
the  principles  of  war  or  the  tenets  of  airpower  from  the  Airman’s  per¬ 
spective.  At  an  even  more  granular  level,  only  minor  changes  are 
required  to  the  US  Air 
Force’s  air  and  space  (and 
cyberspace)  functions. 

When  the  chief  of  staff 
and  secretary  of  the  Air 
Force  added  cyberspace  to 
the  service’s  mission  state¬ 
ment  in  December  2005, 
it  became  powerfully  clear 
that  the  Air  Force  was 
serious  about  its  role  in 
providing  capabilities  in 
cyberspace  operations 
to  the  joint  fight.  [1]  As  a  result,  the  Air  Force  community,  along 
with  its  counterparts  in  other  services,  has  been  busy  developing 
supporting  documents  and  guidance  to  define  and  focus  what  the 
fledgling  mission  area  means  to  the  force.  Cyberspace  is  everywhere 
we  turn;  it  is  an  essential  part  of  our  daily  mission  and  activities. 
However,  we  must  remember  that  our  fundamental  functions  as  an 
Air  Force  have  not  changed. 

This  article  endorses  the  idea  that  cyber  operations  may  be  con¬ 
ducted  in  all  warfighting  domains:  air,  space,  cyberspace,  land,  and 
sea.  In  addition,  despite  the  immaturity  of  cyberspace  operational 
doctrines,  the  doctrines  from  air  and  space  remain  relevant  and 
applicable  to  the  cyberspace  domain.  Cyber  operations  are  just 
another  set  of  tools  in  the  commander’s  toolbox.  Although  cyber 
operations  have  distinct  ways  of  achieving  effects,  from  an  Air  Force 
perspective  they  are  similar  to  other  air  and  space  operations  that 
support  air  and  space  (and  cyberspace)  functions.  Known  and  estab¬ 
lished  cyber  operations  provide  war  fighters  with  viable  options  to 
kinetic  means.  This  article  highlights  the  role  of  cyber  operations  in 
supporting  the  air  and  space  functions. 

Lastly,  we  add  a  new  function,  countercyberspace ,  to  the  17  Air 
Force  functions  (see  Table  1).  Past  Air  Force  doctrine  has  used  dif¬ 
ferent  nomenclature  but  has  not  made  the  importance  of  counter¬ 
cyberspace  completely  clear  until  recently.  For  this  reason,  the  new 
function  necessitates  adjustments  to  the  existing  information  oper¬ 
ations  (IO)  function  to  account  for  duplication.  By  showing  that 


cyber  operations  are  just  another  set  of  tools,  we  can  integrate  pre¬ 
viously  defined  supporting  operations  in  an  initial  development  of 
cyberspace  operations  doctrine.  Eventually,  a  more  concrete 
Air  Force  cyberspace  doctrine  will  evolve  as  prescribed  by  lessons 
from  history  and  future  events. 

Doctrine  is  an  integrated  collection  of  lessons  learned  from 
experiments,  exercises,  and  past  engagements  that  we  accept  as  the 
best  practices  for  conducting  warfare.  [2]  Still  in  their  infancy,  cyber¬ 
space  operations  consequently  lack  the  history  of  experience  vital  for 
establishing  sound  doctrinal  statements.  Dr.  David  Lonsdale 

remarked  that  “new  or 
developing  methods  of 
warfare  require  doctrinal 
and  theoretical  develop¬ 
ment  [that]  should  be 
grounded  in,  and  informed 
by,  experience,  historical 
knowledge,  and  the  work 
of  the  universal  theorists, 
most  especially  Carl  von 
Clausewitz  and  Sun 
Tzu.”[3]  Air  Force  strate¬ 
gists  are  struggling  to  create 
doctrinal  principles  for  cyber  warfare  in  the  form  of  Air  Force  Doc¬ 
trine  Document  (AFDD)  2-11,  “Cyberspace  Operations,”  now  sev¬ 
eral  years  in  draft.  However,  we  must  be  careful  to  derive  cyber  doc¬ 
trine  and  strategy  from  the  proven  methods  of  previous  documents 
and  must  examine  how  we  can  employ  cyberspace  operations  in 
support  of  Air  Force  functions. 

The  Air  Force  functions  defined  in  AFDD  1,  Air  Force  Basic 
Doctrine ,  are  those  specific  responsibilities  that  enable  the  service  to 
fulfill  its  legally  established  roles  as  noted  in  Title  1 0,  United  States 
Code ,  section  8013.  The  operational  functions  listed  in  the  table  are 
the  “broad,  fundamental,  and  continuing  activities”  of  air,  space, 
and  cyberspace  power.  [2]  “They  are  not  necessarily  unique  to  the 
Air  Force...  but  together  they  do  represent”  how  the  service  fulfills 
its  assigned  missions.  [2]  The  following  sections  address  each  of  the 
air  and  space  functions,  discussing  how  cyberspace  operations  can 
provide  the  same  effects  and  serve  as  the  appropriate  foundation  for 
cyberspace  doctrine. 

STRATEGIC  ATTACK 

The  goal  of  strategic  attack  is  to  apply  force  systematically  against 
enemy  centers  of  gravity  in  order  to  produce  the  greatest  effect 
for  the  least  cost  in  dollars  and  lives.  [4]  As  illustrated  by  Colonel 
John  Warden’s  five  strategic  rings,  these  centers  may  be  material 
(infrastructure)  or  nonmaterial  (populace  support)  in  nature.  He 
further  advocates  attacking  the  three  elements  of  command- 


You  have  to  know  the  past  to  understand  the  present. 

—Carl  Sagan 


This  article  is  reprinted  in  part  from  Air  &  Space  Power  Journal,  Vol.  XXIV,  No.  1,  Spring  2010.  The  full  article  is  available  at  httpiHwww. 
airpower.  au.af.mil. 
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Table  1.  Air  Force  air,  space,  and  cyberspace  functions.^] 


Function 

General  Definition 

Air  and  Space  Example 

Cyber  Tasks 

Strategic  Attack 

Systematic  application  of  force  against 
enemy  centers  of  gravity 

Destroying  leadership, 
power,  and  communication  hubs 

Attack  on  supervisory  control  and 
data  acquisition  and  Internet  traffic 

Counterair, 

Counterspace, 

Counterland, 

Countersea 

Operations  conducted  to  attain  and 
maintain  a  desired  degree  of  superiority 
within  a  domain  while  denying  an 
adversary  use  of  that  same  domain 

Air  interdiction,  close  air  support, 
suppression  of  enemy  air  defenses, 
jamming  satellite  up/downlink 
frequencies 

Manipulating  databases,  images, 
power/controls  of  a  weapon  system 

Information  Operations 

Actions  to  support  commanders'  ability  to 
assess  the  operational  environment  and 
enhance  their  observe-orient-decide-act  loop 

Influence  operations,  electronic  warfare, 
military  deception,  counterintelligence 

Manipulation  of  Web  content, 
e-mail  "leaflets" 

Airlift,  Air  Refueling, 

Spacelift 

Activities  that  extend  the  reach  of  personnel  and 
materiel  in  order  to  provide  rapid,  functional, 
flexible,  timely,  and  responsive  options 

Intratheater  airlift,  operational  support 
airlift,  deployment  launch 

Messaging  e-mail,  Web  pages, 
remote  network  administration 

Intelligence, 

Surveillance  and 
Reconnaissance 

Activities  that  contribute  to  the  creation 
of  the  intelligence  preparation  of  the 
battlespace  in  order  to  provide  commanders 
detailed  knowledge  that  helps  them  better 
understand  and  know  the  enemy 

U-2s,  remotely  piloted  aircraft, 
national  assets,  human  intelligence 

Search  engines,  network 
enumeration,  honey  pots, 
packet  sniffing 

Special  Operations 

Operations  that  use  mobility  in  denied  territory, 
surgical  firepower,  and  special  tactics  to  conduct 
low-visibility,  covert,  or  clandestine  military  actions 

Special  reconnaissance,  psychological 
operations,  counterterrorism 

Address  masking,  Internet  cafes, 
botnets 

Combat  Support,  Command 
and  Control,  Combat  Search 
and  Rescue,  Navigation  and 
Positioning,  Weather  Services 

Actions  that  enable  the  war  fighter  to  focus 
on  and  successfully  carry  out  those  operations 
related  to  the  above  functions 

Aircraft  maintenance,  air  and  space 
operations  center,  global  positioning 
system  satellites,  National  Oceanic  and 
Atmospheric  Administration  satellites 

Net-centric  operations,  command 
and  control,  and  network  terrain 
packets 

Countercyberspace 

Operations  conducted  to  attain  and  maintain 
a  desired  degree  of  cyberspace  superiority  by 
destroying,  degrading,  denying,  deceiving, 
disrupting,  or  exploiting  the  enemy's  cyberspace 

Bombing  server  buildings 

Software  exploits 

capability 


information  gathering,  decision  making,  and  communication  (e.g., 
bombing  Iraq’s  communications  infrastructure  during  Operation 
Desert  Storm,  as  shown  on  Cable  News  Network). [5] 

The  cyberspace  domain  provides  adversaries  a  new  environment 
to  conduct  offensive  and  defensive  operations.  In  addition,  cyber 
operations  offer  the  means  to  expedite  other  operational  functions 
previously  conducted  through  other  domains.  “In  the  effort  to 
influence-whether  focused  on  an  individual,  an  organization,  or  an 
entire  society-cyberspace  is  a  key  operational  medium  via  which 
strategic  influence’  is  conducted.” [6]  However,  considering  modern 
organizations’  and  nations’  dependence  on  the  world’s  cyberspace 
infrastructure,  new  sources  of  vulnerabilities  are  tempting  targets  for 
strategic  attack,  especially  from  an  asymmetric  form  of  warfare. 

Over  the  past  few  years,  the  ability  to  use  cyber  operations  as  an 
avenue  for  strategic  attack  has  become  evident.  In  2007  the  Idaho 
National  Laboratory  for  the  Department  of  Homeland  Security  sim¬ 
ulated  a  cyber  attack  on  a  test  power  station.  The  simulation  demon¬ 
strated  an  exploitation  of  a  software  vulnerability  in  Supervisory  Con¬ 
trol  and  Data  Acquisition  (SCAD A)  systems,  the  computer  systems 
that  control  electric,  water,  and  chemical  plants  throughout  the  Unit¬ 
ed  States.  Designed  with  minimal  security  protection,  many  of  these 
systems  remain  vulnerable  to  cyber  attacks.  Even  terrorist  organiza¬ 
tions  are  interested  in  the  vulnerabilities  of  strategic  systems  like 
SCAD  A.  [7]  Examples  include  the  virtual  shutdown  of  the  Estonian 
government  via  its  Internet  infrastructure  and  the  Russian/ Georgian 
conflict  of  2008,  during  which  Russian  military  forces  orchestrated  a 
wave  of  cyber-related  operations  against  Georgia  prior  to  an  invasion. 
Coordinated  through  a  Russian  online  forum,  the  online  assault 
appeared  to  have  been  prepared  with  target  lists  and  details  about  vul¬ 
nerabilities.  The  cyber  attacks  were  carried  out  before  the  two  coun¬ 
tries  engaged  in  a  five-day  ground,  sea,  and  air  war.  [8] 
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COUNTERAIR,  COUNTERSPACE,  COUNTERLAND, 
COUNTERSEA 

These  operations  are  conducted  “to  attain  and  maintain  a  desired 
degree  of  superiority”  within  any  of  the  physical  domains  by  destroy¬ 
ing,  degrading,  denying,  deceiving,  disrupting,  or  exploiting  the 
enemy’s  capability  within  that  same  domain.  [2]  They  are  character¬ 
ized  by  actions  that  are  either  offensive  or  defensive  in  nature.  Offen¬ 
sive  counteroperations  inhibit  the  enemy  from  exploiting  a  particu¬ 
lar  domain  to  his  advantage.  [9]  One  goal  of  offensive  counterair 
involves  destroying  the  enemy’s  offensive  air  and  missile  assets  before 
he  can  do  the  same  in  order  to  establish  freedom  from  attack  for 
friendly  forces.  Defensive  counteroperations  “preserve  US/friendly 
ability  to  exploit”  a  domain  in  order  to  protect  friendly  capabili¬ 
ties.  [9]  During  Operation  Iraqi  Freedom,  coalition  forces  conducted 
a  defensive  counterspace  operation  to  destroy  an  adversary’s  “ground- 
based  global  positioning  system  (GPS)  jammers  to  preserve  freedom 
to  employ  GPS-aided  munitions  by  friendly  forces.” [2] 

US  military  assets  across  all  operational  domains  are  infused  with 
cyber  technologies,  as  is  the  case  for  most  modern  militaries.  The 
Quadrennial  Roles  and  Missions  Review  Report  of  January  2009  out¬ 
lines  the  Department  of  Defense’s  (DoD)  desire  to  seek  “strategic, 
operational,  and  tactical  cyberspace  capabilities  that  provide... 
warfighting  effects  within  and  through  the  cyberspace  domain  that 
are  synergistic  with  effects  within  other  domains.” [10]  Cyber-relat¬ 
ed  tools  and  operations  have  become  commonplace,  if  not  prereq¬ 
uisites,  in  military  operations.  Systems  such  as  data  links  shared 
among  platforms  and  command  and  control  (C2)  centers,  the  Blue 
Force  Tracker  utilized  by  the  US  Army,  and  GPS-aided  carrier-land¬ 
ing  technologies  employed  by  the  US  Navy  have  changed  the  exe¬ 
cution  of  specific  operations.  However,  they  exist  to  support  the 
same  service  functions. 


8 


http://wstiac.alionscience.com/quarterly 


http://wstiac.alionscience.com/quarterly 


Hackers  have  already  demonstrated  their  ability  to  break  into  the 
DoD’s  and  contractors’  networks.  [1 1]  Gaining  access  to  C2  data¬ 
bases  on  the  Internet  presents  an  opportunity  to  affect  the  timing  of 
launching  forces  from  garrison,  the  direction  they  take,  and  their 
actions  upon  arrival.  A  successful  breach  of  weapon  system  commu- 
nication/data-link  architectures  would  easily  allow  us  to  disrupt  the 
enemy’s  ability  to  execute  his  mission.  Infiltration  of  the  enemy’s 
cyberenabled  systems  would  also  let  us  manipulate  his  operating 
picture  or  influence  the  delivery  of  electric  power  or  the  operation 
of  satellite  control  systems. 

INFORMATION  OPERATIONS 

As  defined  by  AFDD  2-5,  Information  Operations ,  information 
operations  (IO)  exists  to  support  commanders  in  determining  the 
situation,  assessing  threats  and  risks,  and  making  timely  and  correct 
decisions.  Reliance  upon  accurate  information  and  its  speed  of  trav¬ 
el  make  dominating  the  information  spectrum  more  important  than 
ever.  Currently,  IO  consists  of  influence  operations,  network  warfare 
operations,  and  electronic  warfare  (EW)  operations.^  With  the 
advent  of  cyberspace  operations,  it  is  apparent  that  network  warfare 
operations  fall  under  this  new  concept.  However,  a  debate  contin¬ 
ues  over  the  future  of  EW.  After  the  publication  of  a  doctrine  for 
cyberspace  operations,  AFDD  2-5  must  be  revised  to  incorporate 
these  changes. 

This  does  not  mean  that  the  two  are  mutually  exclusive.  IO  can 
be  conducted  in  the  cyberspace  domain,  as  it  has  been  for  decades 
in  other  operational  domains.  However,  not  all  IO  can  be  consid¬ 
ered  cyberspace  operations.  For  example,  influence  operations  seek 
to  achieve  effects  resulting  in  a  change  in  the  enemy’s  observe,  ori¬ 
ent,  decide,  act  loop.  Traditional  means  include  dropping  leaflets  or 
using  human  messengers  to  conduct  psychological  operations 
(PSYOP).  EW  operations  seek  to  achieve  effects  across  the  electro¬ 
magnetic  domain,  including  radio  frequencies  as  well  as  optical  and 
infrared  regions  of  the  spectrum.  Traditional  EW  operations  con¬ 
ducted  by  aircrews  over  the  past  50  years  are  considered  noncyber 
by  entire  communities.**  “In  Operation  ALLIED  FORCE...  multi¬ 
service  capabilities  were  combined  in  the  form  of  ‘jam  to  exploit,’ 
demonstrating  how  opponent  communications  users  can  be  herded 
to  frequencies  which  intelligence  may  collect  and  exploit.”  [12]  IO 
often  consists  of  nonkinetic  actions  to  defend  our  decision  cycle  and 
influence  the  adversary’s,  but  it  can  also  take  the  form  of  physical 
attack  against  tangible  information  infrastructures. 

The  offensive  counter  information  activities  of  PSYOP,  mili¬ 
tary  deception,  and  information  attack  all  have  a  place  in  the  cyber 
realm.  Well-trained  cyber  forces  can  influence  enemy  decision 
cycles  by  presenting  misleading  Web  content  or  even  changing 
information  presented  by  reputable  sources.  Defensive  counter 
information  activities  such  as  information  assurance  and  opera¬ 
tional  security  protocols  are  already  in  place  at  all  Air  Force  instal¬ 
lations,  some  in  noncyber  form. 

COMBAT  SUPPORT,  COMMAND  AND  CONTROL,  COMBAT 
SEARCH  AND  RESCUE,  NAVIGATION  AND  POSITIONING, 
AND  WEATHER  SERVICES 

Combat  support,  C2,  combat  search  and  rescue  (CSAR),  naviga¬ 
tion  and  positioning,  and  weather  services  are  the  backbone  of  the 
previously  mentioned  air  and  space  power  functions.  Without  the 
success  of  these  functions,  other  functions  cannot  and  will  not  suc¬ 
ceed.  Combat  support  is  the  product  of  successful  logistical,  med¬ 


ical,  and  force-support  operations,  whose  synergy  with  other  oper¬ 
ations  is  essential  for  creating  combat  capability  across  the  range  of 
military  endeavors.  [2]  C2  encompasses  motivating  forces  into 
action  to  carry  out  the  mission  (command)  and  regulating  those 
same  forces  to  execute  operations  aligned  with  the  commander’s 
intent  (control). [13]  Effective  C2  enables  the  joint  force  com¬ 
mander  to  utilize  available  Air  Force  platforms  at  the  right  place 
and  time,  despite  the  fog  of  war,  and  degrade  the  enemy’s  capabil¬ 
ity  to  intercede.  [14]  CSAR  is  the  method  that  the  Air  Force  uses  to 
support  joint  personnel  recovery  in  “uncertain,  denied,  or  hostile 
environments.” [15]  Personnel  recovery  operations  are  essential  to 
sustaining  unit  morale,  preserving  critical  combat  resources,  and 
preventing  the  enemy  from  gaining  intelligence.  [2]  By  providing 
accurate  location  and  time  of  reference,  the  navigation  and  posi¬ 
tioning  function  enables  military  forces  to  maneuver  precisely,  syn¬ 
chronize  actions,  locate  and  attack  targets,  and  locate  and  recover 
downed  Airmen.  Weather  services  offer  timely  and  accurate  infor¬ 
mation  regarding  the  space  and  atmospheric  environments.  This 
information  is  critical  in  timing,  planning,  and  conducting  air  and 
space  operations,  thus  influencing  “the  selection  of  targets,  routes, 
weapon  systems,  and  delivery  tactics.” [13] 

Cyberspace  operations  enable  these  functions,  and  communica¬ 
tion  over  the  cyberspace  domain  facilitates  them.  For  the  most  part, 
precise  navigation  and  timing  rely  on  the  cyberspace  domain  for  sig¬ 
nal  transmission  and  dissemination  of  GPS  data.  Netcentric  opera¬ 
tions  have  made  way  for  continued,  efficient  support  of  war  fighters 
from  bed,  bullets,  and  beans  to  the  C2  elements  required.  The 
weapon  system  represented  by  the  Air  Force  air  and  space  operations 
center  consists  of  hundreds  of  servers  running  various  information 
systems,  each  one  operating  in  cyberspace. 

COUNTERCYBERSPACE 

We  propose  the  following  definition  for  countercyberspace:  a  func¬ 
tion  consisting  of  operations  to  attain  and  maintain  a  desired  degree 
of  cyberspace  superiority  by  the  destruction ,  degradation ,  or  disrup¬ 
tion  of  an  enemy s  capabilities  to  use  cyberspace.  This  definition  is 
similar  to  those  of  the  other  counterdomain  functions  listed  above. 
Although  it  does  include  the  requirement  of  superiority  within  the 
domain,  this  differs  considerably  from  how  we  view  air  or  space 
superiority.  The  draft  version  of  AFDD  2-11  defines  cyberspace 
superiority  as  “the  degree  of  advantage  possessed  by  one  force  over 
another  that  permits  the  conduct  of  operations  in  cyberspace  at  a 
given  time  and  place  without  prohibitive  interference  by  the  oppos¬ 
ing  force.” [16]  Air  and  space  superiority  is  characterized  by  free¬ 
dom  of  action  and  simultaneous  freedom  from  attack.  Freedom  of 
action  is  a  characteristic  of  cyberspace  superiority;  however,  due  to 
the  ubiquitous  nature  of  the  Internet,  freedom  from  attack  cannot 
be  assured  and  thus  is  not  a  requirement  for  cyberspace  superiori¬ 
ty.  An  appropriate  summary  of  cyberspace  superiority  would  be 
“freedom  of  action  through  attack”  (i.e.,  the  ability  to  act  even 
while  under  attack  and  after  an  attack).  General  Kevin  P.  Chilton, 
commander  of  US  Strategic  Command,  concluded  that  “we  went 
out  in  our  mission-oriented  protective  posture  (MOPP)  gear  and 
fixed  airplanes,  loaded  airplanes,  and  flew  airplanes.  We  conducted 
operations  in  a  hostile  environment.  That’s  what  operating  under 
attack  in  cyberspace  is  going  to  be  like.” [17]  We  can  be  certain  that 
cyberspace  will  remain  a  contested  environment,  but  this  should 
not  constrain  our  ability  to  operate  within  the  domain. 

continued  on  page  14 
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As  a  function,  countercyberspace  is  comprised  of  various  types  of 
cyber  and  noncyber- related  operations.  For  example,  if  the  desired 
effect  is  to  disrupt  Internet  service,  then  physical  attack  or  destruc¬ 
tion  of  cyber- related  equipment  (e.g.,  routers  and  buildings  housing 
Internet  service  providers)  can  be  considered  operations  in  support  of 
countercyberspace.  The  effect  also  may  be  delivered  in  the  form  of  a 
software  exploit  to  disrupt  legitimate  Internet  traffic  from  flowing 
properly.  Consider  one  unclassified  example.  In  May  2007,  President 
George  W.  Bush  ordered  the  National  Security  Agency  to  conduct  a 
cyber  attack  against  cell  phones  and  computer  networks  that  Iraqi 
insurgents  used  to  plan  roadside  bombings.  [18]  The  agency’s  efforts 
helped  US  forces  commandeer  the  Iraqi  fighters’  communication  sys¬ 
tem.  Former  Bush  administration  officials  involved  with  the  decision 
to  execute  the  attack  “credit  the  cyberattacks  with  allowing  military 
planners  to  track  and  kill  some  of  the  most  influential  insurgents,” 
eventually  helping  turn  the  tide  of  the  war.  [18] 

Both  physical  and  cyber  operations  may  produce  the  same  direct 
effect  in  support  of  the  countercyberspace  function,  but  they  have 
varying  levels  of  indirect  effects  that  must  be  considered.  On  the  one 
hand,  like  any  other  attack,  strikes  against  structures  housing  physical 
cyber  assets  have  the  potential  to  result  in  collateral  damage.  On  the 
other  hand,  attacks  through  cyberspace  against  cyber  assets  can  also 
result  in  cascading  collateral  damage.  The  fear  of  such  side  effects  had 
kept  American  leadership  from  pulling  the  trigger  of  cyber  weaponry. 
Prior  to  the  recent  US  invasion  of  Iraq,  DoD  leaders  considered  a  plan 
to  disable  the  Iraqi  banking  network.  However,  they  subsequently 
abandoned  it  after  determining  that  it  could  also  hinder  the  French 
banks  so  closely  tied  to  Iraqi  institutions  and  could  potentially 
migrate  to  the  other  allies,  including  the  United  States.  [18] 

We  must  give  serious  consideration  to  employing  a  cyber  “muni¬ 
tion”  because  it  is  not  usually  destroyed  during  an  attack.  Once 
released,  such  a  weapon  is  easy  to  capture.  Cyber  forces  can  then 
deconstruct  and  analyze  its  code  to  determine  appropriate  counter¬ 
measures  for  future  attacks  and  for  use  as  a  weapon  against  its 
sender.  [18]  To  attain  cyberspace  superiority,  we  must  execute  suc¬ 
cessful  offensive,  defensive,  and  maintenance  operations  through 
network  attack,  network  defense,  and  network  operations,  respec¬ 
tively,  in  order  to  attain  the  level  of  control  required  to  operate  unim¬ 
peded  while  preventing  the  enemy  from  gaining  advantage  from  the 
use  of  cyberspace.  [16]  Elevating  countercyberspace  operations  as  an 
Air  Force  function  will  help  provide  focus  and  set  boundaries  for  the 
service  and  joint  community. 

CONCLUSION 

Any  cyberspace  operational  doctrine  must  take  into  account  the 
similarities  between  and  relationships  with  air  and  space  operations. 
Many  people  agree  with  the  draft  cyberspace  operations  doctrine’s 
statement  that  the  cyberspace  domain  is  a  manmade  virtual  domain. 
Further  study  reveals  its  natural  similarities  to  the  other  domains,  as 
defined  by  the  electromagnetic  spectrum  environment.  Viewing  the 
cyberspace  domain  as  the  fifth  dimension  (to  air,  land,  sea,  and 
space),  more  people  conclude  that  it  is  no  different  than  the  other 
four  dimensions,  where  we  develop  and  use  man-made  technology 
to  enter,  maneuver,  and  exploit  those  domains.  [6]  In  addition,  the 
unique  characteristics  of  the  cyberspace  domain  dictate  how  we 
operate  within  it. 

Cyberspace  is  a  loaded  term  that  invokes  various  definitions  from 
different  organizations  and  people.^  Having  limited  operational 


experiences  in  cyberspace,  the  Air  Force  must  use  its  experience  in 
other  warfighting  domains  in  order  to  develop  sound  doctrine.  After 
all,  cyberspace  operations  support  the  same  functions  as  air  and 
space  operations.  As  former  secretary  of  the  Air  Force  Michael  W. 
Wynne  wrote,  “All  aspects  of  air  war  will  have  some  equivalent  role 
in  cyber  war.”[l]  With  the  advent  of  cyberspace  operations,  some 
changes  do  need  to  take  place,  to  include  differentiating  cyberspace 
operations  from  IO.  Further,  a  new  countercyberspace  function 
should  be  added  to  underscore  its  importance  as  a  separate  Air  Force 
function  in  the  cyberspace  domain.  As  Lonsdale  points  out, 
“Although  cyberspace  has  a  part  to  play  in  all  of  the  dimensions,  it 
does  not  fundamentally  alter  anything  of  real  significance  in  strate¬ 
gy.  Thus,  like  the  air  dimension  before  it,  cyberspace  affects  the 
grammar  of  war,  but  not  its  logic.”  [3] 

With  time,  our  experience  in  conducting  cyberspace  operations 
and  working  in  the  cyberspace  domain  will  grow  and  become 
embedded  in  our  daily  operations;  we  will  accept  those  operations 
in  the  same  way  we  do  air  and  space  operations.  Cyberspace  doc¬ 
trine  will  evolve  so  that  we  can  translate  ideas  into  practice  in  the 
most  effective  way  possible.  In  the  meantime,  we  must  examine 
and  learn  from  the  similarities  and  differences  among  air,  space, 
and  cyberspace  operations  in  support  of  air,  space,  and  cyberspace 
functions. 
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